Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
CyberArk Identity 21.5.131, when handling an invalid authentication attempt, sometimes reveals whether the username is valid. In certain authentication policy configurations with MFA, the API response length can be used to differentiate between a valid user and an invalid one (aka Username Enumeration). Response differentiation enables attackers to enumerate usernames of valid application users. Attackers can use this information to leverage brute-force and dictionary attacks in order to discover valid account information such as passwords.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
CyberArk Identity 授权问题漏洞
Vulnerability Description
CyberArk CyberArk Identity是CyberArk公司的提供最完整的身份安全平台,以确保端到端的所有身份。 CyberArk Identity 21.5.131存在安全漏洞,攻击者可以利用此漏洞获取用户名或密码。
CVSS Information
N/A
Vulnerability Type
N/A